A veteran media relations strategist reads the morning news and looks at how the stories got there, what makes them interesting and highlights the best and worst of the day.

02/20/2013

Panic In the Streets? CNNMoney Gets One Right...

This blog frequently mocks business reporters for announcing crisises that have no victims, such as the non-scourge of people's homes being targeted for burglary based on their social media updates.

My rule is that you need at least one or two victims before you can report a problem like that or you're just making stuff up (probably at the behest of a consultant looking to use the media to build a service line).

That long introduction is to an admirably compact article by Steve Hargreaves of CNNMoney.com who reported today on risks to U.S. infrastructure from hacker attacks. He opens with a screen shot of a phishing e-mail sent to employees of a powerplant, which proves the risk is real.

Targeting third parties is something Petersen has experience with himself: His own firm was the subject of a so-called "spear phishing" attempt last year. In that attack, a crafty cyberthief fashioned an email to Digital Bond employees that seemed to come from Petersen himself (see graphic at top). It contained a link that, if clicked on, could have granted the perpetrator access to sensitive client data held by Digital Bond. The plan was only thwarted when an auto-forward function sent Petersen a copy.

The article is pegged to a security firm survey on Chinese attacks on U.S. systems and does engage in some of the usual listing of what "could" happen as a result instead of reporting what actually has - but at least the attacks are verified and we are seeing actual victims step up to discuss the risk, not just the consultants who stand to benefit from waving the resulting article around.

It was also a nice touch by Hargreaves to note that the only successful hacker attack on infrastructure so far was conducted by the U.S. and Israel on Iran, which is comforting on some level.

To be clear, the report from U.S.-based cybersecurity firm Mandiant did not say the Chinese government has actively tampered with these systems. The only two counties thought to have actually altered industrial processes in another country are the United States and Israel, which are suspected of infecting an Iranian uranium enrichment plant with malicious software that caused the centrifuges to spin out of control and self-destruct.